General

  • Target

    636903907b2079e63767c8c20c44f9f2_JaffaCakes118

  • Size

    1.1MB

  • Sample

    240729-12e8qaxdrf

  • MD5

    636903907b2079e63767c8c20c44f9f2

  • SHA1

    9d80149ec93136fe0943ab3e2c58f8d2b5c81cd8

  • SHA256

    d1455a563f7766266e9af1767279e3465071f19a970ed2c3562c38e9ffc3f745

  • SHA512

    f61b5fa3cedc985462a12aa740e84bb65df906cd989edb09033dc5856be80f8244ea749e5a51c7e9de7e8c33bca6ccc4ffd12ee3a4d79084c4e1ad1f1d5d7988

  • SSDEEP

    24576:4vRE7caCfKGPqVEDNLFxKsfa5I+gIGYuuCol7r:4vREKfPqVE5jKsfa5RHGVo7r

Targets

    • Target

      636903907b2079e63767c8c20c44f9f2_JaffaCakes118

    • MrBlack Trojan

      IoT botnet which infects routers to be used for DDoS attacks.

    • MrBlack trojan

    • Executes dropped EXE

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

    • Reads system routing table

      Gets active network interfaces from /proc virtual filesystem.

    • Write file to user bin folder

    • Writes file to system bin folder
